Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

GPU accelerated packet processing

From: Chris Schuler <cschuler () gmail com>
Date: Sun, 22 Nov 2009 16:04:26 -0500
Hello All,

I did some searching through the -user and -dev archives and did not come up
w/ any hits so I apologize if this has been discussed already.

Has anyone researched using a GPU to offload the processing of packets when
importing a capture? I know GPU's are not general purpose but they do have
the ability to really excel at certain operations. What I am not sure of is,
if the operations used in processing a capture would fit into those defined
instructions a GPU can perform. From the research mentioned below it appears
some benefit can come from this approach, I guess the question then becomes,
is it enough to justify the development.

Nvidia has their CUDA (http://www.nvidia.com/object/cuda_home.html)
technology and I'm sure AMD has some equivalent as well.

Some general googling has found a version of snort called Gnort that can
offload some processing to a GPU. There is also a company named ngaura
(http://ngarua.com/index.php/gapp <http://ngarua.com/index.php/gapp>) that
has a technology called GAPP (GPU Accelerated Packet Processing) that has
done some work on this.

Wireshark 1.3 has significantly improved the load times of captures files, I
am really looking forward to what is to come when it becomes final and we
see some of the new features in 1.4.  Also, the CACE Pilot product is very
nice, in fact, I wouldn't be surprised if any GPU offloading appeared there
first. Pilot has some nice features, I hope we see a trickle-down of
features to the wireshark product. I can only imagine how fast things could
be if GPU acceleration is able to be leveraged.

In my day to day duties I sometimes will have the need to perform packet
captures on very busy links, which I'm sure you all know can yield insanely
large capture files. Even when limiting the packet size these >1gig files
are a bear to work with.. One recent issue was detecting micro bursting that
was saturating a gig link and causing buffer saturation. This can be
difficult enough to find when the link is 100mbit, much less 1gbit, but I
digress.


I hope this comes across as an interesting idea and spurs some discussion.

Thanks,
Chris

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: